wildcard fqdn for destination in security policy. FQDN for  abc*.def.com

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

wildcard fqdn for destination in security policy. FQDN for  abc*.def.com

L1 Bithead

Team , I have a question about something that I guess is not possible to configure but will like to confirm if possible . My client want to allow  Internal NW 10.0.0.0/8 to FQDN abc1.def.com port HTTPS , this is normal and I have a few of this rules already implemented. Now the question is , is possible to create a FQDN for  abc*.def.com?, a wildcard FQDN like abc*.edf.com could be created, it would cover all the individually numbered abc destinations or I will have to create individuals FQDNs for each abc*. . Thanks in advance

5 REPLIES 5

L4 Transporter

Hello

If I remember it right, then the asterisk can only be used between dots, between start and dot, and between dot and end.

To achieve what you plan, you need to use ^ (which requires PAN-OS 9.1 or higher) --> abc^.def.com/

Hi JoergSchuetter

I tested this on 9.1 abc^.def.com ,  The value on this field is invalid , Cant use ^ on the FQDN. Any other suggestion. Thanks 

My bad, I thought you were talking about a fqdn within a URL object.

L1 Bithead

I was wondering if instead of creating 5 different FQDN objects abc1.def.com, abc2.def.com, abc3.def.com, abc4.def.com, abc5.def.com, I could create one to cover all 5 ,  abc*.def.com. So far I guess is not possible. 

 

L1 Bithead

Thanks 

 

  • 5727 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!